Items tagged with security

If you want to be stealthy, perhaps not wearing a hot pink suit is a good choice. When it comes to cybersecurity, avoiding computer languages that people have come to know and recognize is a good idea as well. Threat actors have seemingly figured out the latter as some malware has now been built using “exotic” programming languages to better avoid security protections, analysis, and slow the reverse engineering process. As Eric Milam, VP of Threat Research at BlackBerry, explains, “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies.” This includes adapting to “less prolific programming... Read more...
In the past, there have been some big slip-ups when commentators did not know that they were on-air and began speaking their mind to other people. This seems to have happened again at the Tokyo Olympics when an Italian TV announcer did not realize he was live on-air when he asked for his computer password. Posted to Twitter yesterday by cybersecurity associate professor Stefano Zanero from the Polytechnic University of Milan, the clip has amassed thousands of likes, retweets, and views. In the video during the Turkey-China volleyball game, the announcer asked, in Italian, "Do you know the password for the computer in this commentator booth?" The next time you hear people chattering about ultra-sophisticated... Read more...
Hackers and threat actors are constantly searching for new ways to breach systems, for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM relay attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should implement to remain secure. Last week, information about PetitPotam was posted to GitHub by French cybersecurity researcher Gilles Lionel. Lionel found that, through a tool he made, it was possible “to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” In layman’s terms, an attacker could use the program to extract NTLM authentication... Read more...
Microsoft is warning of a vulnerability in both Windows 11 (not yet released, but available in preview form to Windows Insiders) and Windows 10 that could reveal a user's admin password, which in turn could be used to elevate their own system privileges. That's obviously not a good thing, as it would essentially grant the hacker full control of a system. "An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view,... Read more...
Earlier this year, the Colonial Pipeline ransomware incident crippled fuel delivery to the Eastern Seaboard, sending people into a panic and decreasing the supply of gas, if only briefly. Amazingly, this is only the first time something of this scale has happened, but hopefully, it will be the last. The Department of Homeland Security is now requiring owners and operators of critical pipelines to instate "urgently needed protections against cyber intrusions." Cyber defense is a crucial part of the world we live in, as "The lives and livelihoods of the American people depend on our collective ability to protect our Nation's critical infrastructure from evolving threats," explains Secretary of... Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on. Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."... Read more...
Remember that scene in Office Space where a trio of disgruntled employees take a problematic printer to a field and beat it to a pulp? Anyone who has ever dealt with stubborn printer issues has probably felt that way. It doesn't help that we also have to worry about printer vulnerabilities messing up our day, and to that end, Microsoft has warned of yet another one. The latest printer bug is being tracked as CVE-2021-34481. It has to do with the Windows Print Spooler service, and without a patch in place, a nefarious actor could potentially gain unfettered access to an affected system. At that point, they could install malware, swipe sensitive data, and worst of all, rearrange your carefully aligned... Read more...
Over the past few years, biometric security solutions have been on the rise, replacing the use of traditional passwords on both mobile devices and the PC. Windows Hello is one such implementation. It allows users to near-instantaneously log onto their machines with their face or fingerprint (or a PIN), and is in wide use today. It's also apparently vulnerable to an exploit that could allow an attacker to bypass facial recognition on a Windows PC. Any vulnerability is concerning because of Windows Hello's massive footprint—Microsoft's telemetry suggests the vast majority of Windows 10 users (85 percent) use Windows Hello. Because it is so widely used, security researchers at CyberArk Labs... Read more...
Earlier this year, a vulnerability within Apple’s WebKit for Safari was discovered by Google’s Threat Analysis Group (TAG) and then tracked as CVE-2021-1879. Now, it is reported that this vulnerability was likely exploited by a familiar Russian government-backed threat actor: Nobelium. Yesterday, Google TAG researchers Maddie Stone and Clement Lecigne reported that Nobelium, also known as Cozy Bear or APT29, used “LinkedIn Messaging to target government officials from western European countries by sending them malicious links.” If the victim clicked this link on an iOS device, they would be redirected to an attacker-controlled domain that served next-stage payloads. After... Read more...
After last week's out-of-band update to patch the PrintNightmare vulnerability, Microsoft has now released more vulnerability fixes as part of Patch Tuesday. With this update, the Redmond, Washington-based company knocked out a whopping 117 security issues that garnered a variety of concerns. Patch Tuesday has become something of a holiday (or recurring nightmare) on the second Tuesday of each month for IT administrators, as Microsoft pushes out the latest security updates to its products. For this Patch Tuesday, a rather extensive list including Microsoft Office products, Microsoft networking products, and a swath of Windows products has been given security updates. Many of the vulnerabilities... Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority. Less than a day ago, BleepingComputer’s... Read more...
Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability that allowed this exploit has since been patched, but it is still disconcerting, nonetheless. Tracked as CVE-2021-35211, the vulnerability reported to SolarWinds by Microsoft resided in Serv-U’s version of the Secure Shell (SSH) protocol, explains Microsoft’s Threat Intelligence Center (MSTIC). If Serv-U’s SSH happened to be exposed to the internet, black hat hackers could exploit the vulnerability; thus allowing for remote code execution with privileges, leading to malware installations or unwanted data... Read more...
If you are still relying on Apple's discontinued AirPort Time Capsule to back up your data, you may want to seek out an alternative. Otherwise, you could lose all your files to what a data retrieval company is calling a flaw in the physical design, which in the firm's experience, can actually warp the hard disk drive (HDD) inside. The AirPort Time Capsule is a defunct router line that Apple introduced in January 2008. It combined 802.11n wireless connectivity with a "server grade" HDD, with the promise of delivering automatic wireless backups for every Mac in a person's home. Apple initially offered two variants, one with a 500GB HDD for $299 and a 1TB model for $499, then a year later it offered... Read more...
Customers of Kaseya's Vector Signal Analysis (VSA) software are being warned to be on the lookout for phishing emails claiming to offer up a security update, but in reality contain a malicious payload. The phishing campaign is a result of a massive supply chain ransomware attack that spread through software created by the Florida-based IT company. Notorious hacking group REvil was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far... Read more...
As if fussing with a printer is not maddening enough, a recent Windows Print Spooler exploit called 'PrintNightmare' left users vulnerable to remote code execution attacks. Not cool. Fortunately, Microsoft has made rather quick work of rolling out an out-of-band patch, which is being sent out via Windows Update (or you can grab it manually). Out-of-band patches for Windows are somewhat on the rare side, though they do happen on occasion. Normally, Microsoft packages up cumulative updates and dishes them out on the second Tuesday of every month, otherwise known as Patch Tuesday. Sometimes, however, problems or exploits arise that simply can't wait. This is one of them. Published as CVE-2021-34527,... Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,... Read more...
Audacity sparked quite the firestorm over the weekend after the scope of changes to its privacy policy were revealed to the broader public. The changes came after Audacity was acquired by Muse Group earlier this year. Some of the key sticking points that alarmed users of the audio editing program were that while customer data is hosted primarily in the European Economic Area (EEA), it could "occasionally" be shared with Audacity's main office in Russia (and the United States). In addition, Muse Group explained that customer data could be shared with "any competent law enforcement body, regulatory, government agency, court, or other third-party." Audacity currently has amassed over 100 million... Read more...
Over the holiday weekend, the popular battle royale game Apex Legends was hacked, but not in the way you may expect. Rather than stealing data, encrypting files, or being generally destructive, the hackers broadcast a message stating that Respawn Entertainment has not done enough to fight hackers in its first game, Titanfall. Early on July 4th, Apex Legends players on PC began to report that the hackers had replaced in-game playlists as well as notifications with complaints about the state of Titanfall. These messages also included a link to SaveTitanfall.com, which further explains that the game, which is still for sale, is “currently unplayable on PC due to hacker(s) using exploits.”... Read more...
For the past two decades, Audacity has built and maintained a following as a capable and free audio editing program. Being a no-cost solution is a big draw, and so are a couple of other attributes: it's an open source program, and available on multiple platforms (Windows, macOS, GNU/Linux). Some users are starting to sour on it, however, accusing the new owner of turning it into a spyware vehicle of sorts. Audacity changed hands in April when it was acquired by Muse Group for an undisclosed sum. At the time, Martin Keary, head of design at MuseScore, an open source notation program owned by Muse Group as well, offered up some encouraging comments about the deal. Keary is the one who is now... Read more...
Do you know what would be great? If Apple would stop dragging its feet on a weird bug in iOS that makes it possible to disable an iPhone's ability to connect with a Wi-Fi network. Same goes for iPad devices, presumably. The problem lies with SSIDs that contain certain characters—if you connect to one with your iPhone, it could kill your Wi-Fi, possibly requiring a factory restore to get it back. This came to light last month when researcher and reverse engineer specialist Carl Schou found that when joining a network with the SSID set as %p%s%s%s%s%n, it would disable the device's Wi-Fi. In some cases, however, it seems the issue could be resolved by resetting the phone's network settings,... Read more...
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this is certainly a wide-reaching international incident. We also noted that REvil, the Russian-backed hacking group, had not mentioned the situation on its blog, until now. Late in the evening on July 4th, REvil made a blog post about its Kaseya attack after much speculation. The group explained that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most,... Read more...
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. Based out of Florida, the company only reports that 40 of its remote monitoring tool VSA on-premises customers have been affected by this. However, some of these 40 could be managed service providers who in turn serve hundreds of small businesses, which bloats the number of affected companies upwards of 1,000. This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore software-as-a-service server farms while all on-premises VSA servers should remain offline until further notice. Furthermore,... Read more...